Given that our f%$#ing light bulbs are being hijacked to DDOS Instagram influencers, legislation to regulate the so-called “Internet of Things” is long overdue:
Though it doesn’t grab the same headline attention as the silly and pointless TikTok ban, the lack of security and privacy standards in the internet of things (IOT) is arguably a much bigger problem. TikTok is, after all, just one app, hoovering up consumer data in a way that’s not particularly different from the 45,000 other international apps, services, governments, and telecoms doing much the same thing. The IOT, in contrast, involves millions of feebly secured products being attached to home and business networks every day. Many also made in China, but featuring microphones and cameras.
Thanks to a laundry list of lazy companies, everything from your Barbie doll to your tea kettle is now hackable. Worse, these devices are now being quickly incorporated into some of the largest botnets ever built, resulting in devastating and historic DDoS attacks. In short: thanks to “internet of things” companies that prioritized profits over consumer privacy and the safety of the internet, we’re now facing a security and privacy dumpster fire that many experts believe will, sooner or later, result in some notably nasty results.
To that end, the House this week finally passed the Internet of Things Cybersecurity Improvement Act, which should finally bring some meaningful privacy and security standards to the internet of things (IOT). Cory Gardner, Mark Warner, and other lawmakers note the bill creates some baseline standards for security and privacy that must be consistently updated (what a novel idea), while prohibiting government agencies from using gear that doesn’t pass muster. It also includes some transparency requirements mandating that any vulnerabilities in IOT hardware are disseminated among agencies and the public quickly:
I would suggest some additional requirements, like length of support requirements, and liability for the manufacturers and/or vendors.